Steps to disable SSLv3 protocol (POODLE VULNERABILITY) on Appservers that are supported by Identity Governance

This applies to CA Identity Governance

What is the POODLE Vulnerability?

The POODLE vulnerability is a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message. (CA Support official statement can be reviewed by following the link http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/tls-poodle-vulnerability-statement.aspx )

Who is affected by this Vulnerability?

This vulnerability affects every piece of software that can be coerced into communicating with SSLv3. This means that any software implementing a fallback mechanism that includes SSLv3 support is vulnerable and can be exploited.

Some common pieces of software that may be affected are web browsers, web servers, VPN servers, mail servers, etc.

How Can I Protect Myself?

Servers and clients should take steps to disable SSLv3 support completely. Many applications use better encryption by default, but implement SSLv3 support as a fallback option. This should be disabled, as a malicious user can force SSLv3 communication if both participants allow it as an acceptable method.